Awesome

Windows_STIG_Ansible

Ansible Playbooks for SimeonOnSecurity's STIG Scripts

Notes:

• Offline support is only supported when downloading direct from this github.
• Ansible galaxy collection does not include the offline copies of the dependencies

Requirements:

• Requires you have secure WinRM over HTTPS already configured on your Windows Systems
  • STIGs mandate you have WinRM over HTTPs if you use WinRM. This in mind, this collection enforces changes that enforce WinRM over HTTPs. If you're using plaintext WinRM this collection will break your communication with your windows hosts.
  • Read the following for more information:
    • Ansible - Setting up a Windows Host
    • Microsoft - Security Considerations for PowerShell Remoting using WinRM
    • Microsoft - How to configure WINRM for HTTPS
• Must be using a domain account for your ansible user
  • UAC is enforced with implementing STIGs and with this Collection
  • With UAC enabled, winrm disallows all local accounts even with specific exceptions

Usage:

Installation:

• Ansible Galaxy

ansible-galaxy collection install simeononsecurity.windows_stigs

Based on:

• simeononsecurity/STIG-Compliant-Domain-Prep
• simeononsecurity/Standalone-Windows-STIG-Script
• simeononsecurity/Standalone-Windows-Server-STIG-Script
• simeononsecurity/Windows-Defender-STIG-Script
• simeononsecurity/.NET-STIG-Script
• simeononsecurity/FireFox-STIG-Script
• simeononsecurity/Oracle-JRE-8-STIG-Script
• simeononsecurity/Adobe-Reader-DC-STIG-Script

Links:

• github.com/simeononsecurity

• simeononsecurity.com